Your privacy, in plain language

We built Friends on File to help you remember the people you care about. That means you trust us with sensitive information — and we take that seriously. Here is exactly what we collect, how we protect it, and the rights you have over it.

Last updated: March 3, 2026

What we collect

We only collect data you give us directly, or that is generated as a result of using the app. We do not buy, source, or infer data about you from third parties.

Account information

When you sign up we collect your email address, a hashed version of your password (we never store it in plain text), and your display name. We also store an encrypted secret for two-factor authentication, which is never exposed.

Friend data

Information you enter about friends: their name, nickname, birthday, email address, phone number, and any free-form notes you choose to add. You control every field — nothing is auto-populated from external sources.

Conversation notes

The text or voice transcript you submit when logging a conversation. This is the raw input you provide — we do not record or access your actual phone calls or meetings.

AI-generated content

Structured facts extracted from your conversations (for example, "started a new job at Acme"), friend profile summaries, talking points, and conversation summaries. All of this is generated from your own input and stored in your account.

Reminders

Reminder titles, dates, and the friend they relate to.

Usage and technical data

Basic analytics about how the app is used (pages visited, features clicked), your preferred language, and standard server logs (IP address, timestamps). We use this to understand how to improve the product.

How we store your data

Where your data lives

All data is stored in a managed database hosted within the European Union (Netherlands). Your data never leaves the EU.

Field-level encryption at rest

We do not just encrypt the database disk — we encrypt the actual content of sensitive fields before they reach the database. This means that even if someone obtained a copy of the database, your personal data would be unreadable without the encryption keys.

Every piece of personal content — friend details, conversation text, AI-generated profiles, and reminder information — is individually encrypted using industry-standard AES-256 encryption before it reaches the database, so direct database access alone is not enough to read it.

How we search encrypted data

Because the actual values are encrypted, we cannot run a traditional database search on them. Instead, we use one-way cryptographic techniques that allow lookups without ever exposing the underlying data. These auxiliary values cannot be reversed to recover the original data.

Encryption key rotation

We use a multi-key setup that lets us rotate encryption keys without any downtime or data loss. When keys are rotated, data is re-encrypted transparently in the background.

Encryption in transit

All communication between your browser and our servers uses HTTPS with TLS. Data is never transmitted unencrypted.

How AI processes your data

Which AI provider we use

We use Google's Gemini AI (via Vertex AI) for all AI features, including extracting facts from conversations, building friend profiles, and generating talking points. Vertex AI is Google Cloud's enterprise AI platform, designed for secure, scalable AI workloads.

What data the AI sees

When AI processes a conversation, it receives only the relevant conversation text and existing profile data for the friends involved. It does not receive your user account ID, your email address, or any data about other users. Each AI call is scoped and sandboxed.

Your data is not used to train AI models

Google does not use data submitted via the Vertex AI API to train or improve its models. Your private conversation notes and friend data are never used as training data — this is covered by Google Cloud's Data Processing Addendum.

You review before anything is saved

AI-extracted facts are never applied to your friend profiles automatically. After each conversation is processed, you see a review screen where you can accept, edit, or reject each extracted fact before it becomes part of a profile. You are always in control.

Protection against prompt injection

We treat all user input strictly as data, never as instructions. Multiple layers of input validation and architectural safeguards prevent your conversation notes from being used to manipulate the AI's behaviour.

Voice transcription

Voice input is available on the Premium plan only.

How voice input works

When you use voice input, your audio is streamed in real time to Google Cloud's speech transcription service. The resulting text transcript is what gets saved to your account.

Audio is never stored

We do not record, store, or retain your audio in any form. The audio stream is a pure pass-through — it travels from your device to Google's transcription service and nowhere else. Only the text transcript is saved.

Google Cloud transcription

Transcription is performed by Google Cloud's speech-to-text service. Google processes the audio solely to return a transcript and does not retain it for training purposes under the default API terms.

Data sharing

We do not sell your data

We will never sell, rent, or trade your personal data to third parties for marketing or any other commercial purpose.

Service providers

We share data with a small number of service providers who are necessary to operate the product. Each provider only receives the minimum data required for their specific function:

  • Google Cloud — infrastructure hosting, voice transcription, and AI processing (Vertex AI / Gemini). Processed under Google Cloud's Data Processing Addendum. Not used for model training.
  • Stripe — payment processing for subscription billing, processed under Stripe's Data Processing Agreement.
  • Google Analytics — aggregated, anonymised usage analytics. No personal friend or conversation data is included.

Legal requirements

We may disclose data if required by law, court order, or to protect the rights and safety of users or the public. We will notify you of such requests where legally permitted.

Business transfers

If Friends on File is acquired or merged, your data may transfer to the new owner. We will notify you in advance and your rights under this policy will continue to apply.

Your rights (GDPR)

Because your data is stored in the EU and we serve EU users, the General Data Protection Regulation (GDPR) applies. You have the following rights:

Right of access

You can request a copy of all personal data we hold about you. Use the data export feature in the app (Premium) or contact us directly.

Right to rectification

You can correct or update any personal data in your account at any time through the app settings and friend profiles.

Right to erasure

You can delete your account and all associated data at any time from the Settings page. Deletion is immediate and permanent — there is no recovery period.

Right to data portability

Premium users can export their data in a machine-readable format directly from the app. For other plans, contact us and we will provide an export.

Right to restriction

You can ask us to restrict processing of your data while a dispute is being resolved.

Right to object

You can object to processing based on legitimate interests. For analytics data, you can decline cookie consent.

Right to lodge a complaint

If you believe we have handled your data improperly, you have the right to lodge a complaint with your national data protection authority. In the Netherlands, that is the Autoriteit Persoonsgegevens.

To exercise any of these rights, contact us at privacy@friendsonfile.com. We will respond within 30 days.

Cookies & analytics

Essential cookies

These are required for the app to function. They store your authentication session so you stay logged in. These cannot be disabled.

Analytics cookies

We use Google Analytics to understand aggregate usage patterns — which features are used most, how users navigate the app, and where improvements are needed. Analytics data is anonymised and does not include your friend or conversation data.

No advertising or tracking

We do not use advertising cookies, cross-site tracking, or third-party marketing pixels of any kind.

Account deletion

How to delete your account

You can permanently delete your account from Settings. You will be asked to confirm before anything is deleted.

What gets deleted

Deleting your account permanently removes: your profile and credentials, all friends and their profiles, all conversations and extracted facts, all talking points and reminders, and all encrypted personal data. Everything is deleted completely. Nothing is retained.

This is irreversible

Account deletion is immediate and permanent. We do not keep backups of deleted accounts. Once you confirm, your data cannot be recovered.

Database backups

Automated database backups for disaster recovery are retained for a limited period. Your deleted data will be purged from backups within 30 days of deletion.

Security measures

We apply multiple layers of security to protect your data.

Mandatory two-factor authentication

Two-factor authentication is required for all accounts — it cannot be skipped. You'll use an authenticator app to generate a short-lived code each time you log in, protecting your account even if your password is compromised.

Password hashing

Passwords are processed using an industry-standard one-way hashing algorithm before storage. We never store or log plaintext passwords.

Encryption

All sensitive data is encrypted both in transit (HTTPS/TLS) and at rest (field-level encryption using industry-standard algorithms). Encryption keys are stored in a dedicated secrets management service, separate from the application code.

Data isolation

Every request validates that the resource being accessed belongs to the authenticated user. It is architecturally impossible for one user's data to appear in another user's session.

AI sandboxing

The AI processing pipeline receives only the scoped data required for a specific task. It has no database access, no user identifiers, and no visibility into other users' data.

Responsible disclosure

If you discover a security vulnerability, please report it to security@friendsonfile.com. We will acknowledge your report within 48 hours.

Changes to this policy

If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. The updated policy will also be posted here with a revised date.

For non-material changes (such as fixing typos or clarifying language), we will update the policy without individual notification, but the date at the top of this page will always reflect the most recent revision.

Contact

If you have questions about this policy, want to exercise your data rights, or have a privacy concern, please reach out.

We aim to respond to all privacy requests within 30 days.